Law & Disorder —

P2P investigations now illegal in Switzerland

The Swiss Federal Supreme Court has just ruled that antipiracy investigators …

Switzerland, a longtime haven for all kinds of financial shenanigans, has just expanded its reputation for "discretion" to cover file-sharing as well. That's the conclusion of Logistep AG, anyway, as a Swiss court has just gutted its P2P surveillance business with a ruling that says gathering even publicly available information is illegal.

Logistep has operated in Switzerland since 2004, doing what all of these firms do: trolling BitTorrent sites for movies, music, or software, then connecting to swarms and logging the information of everyone offering the file. Bits of the file are downloaded as proof that these aren't simply "mistitled" files, and information like IP address, file hash value, and time of day are recorded in a giant spreadsheet. Content providers who rely on Logistep can take this information and submit it to local courts, seeking to identify and then sue individual file-swappers.

But Europe has fairly strict data privacy laws and a cultural expectation that data collection will be disclosed, with the data used sparingly. This often alarms Internet advertising companies like Google, which objected in 2008 to an EU proposal to label IP addresses "personal data."

The current EU approach can hardly be described as "hardline"—member states are actually required to implement a Data Retention Directive under which ISPs must hang on to user information so that police can investigate crimes. And IP addresses are not always "personal information." Companies like Logistep (including Guardaley and DtecNet) operate across the EU and perform almost identical functions; Guardaley, in fact, powers the US Copyright Group mass lawsuits currently underway in the US.

But Switzerland, which is not an EU member, has decided that it can't sanction Logistep's behavior. The country's Federal Data Protection and Information Commissioner, Hanspeter Thür, took Logistep to court and this week won a major victory. The Federal Supreme Court ruled that IP addresses are in fact personal information and that companies like Logistep can't go about slurping them up for mere civil cases like file-swapping lawsuits. Logistep must cease all current copyright infringement data collection.

In a press release issued yesterday, Thür praised the court's decision. He sees Logistep as trying to "assume tasks clearly in the State's domain." Only the state can violate personal privacy, and only when pursuing criminal cases.

Thür made clear his view that "today's decision provides no protection for anyone breaking the law. Clearly it should be possible to punish copyright infringements on the Internet." But how will this be done?

Logistep's dueling statement (in German) rounded up a quote from Nikolai Klute, a Hamburg lawyer, who said the decision flew in the face of most other European precedent: "Soon, Switzerland is likely to have the reputation of a safe haven not only for tax evaders, but also for copyright infringers."

The company also hinted that it might move across the Swiss border to a country where its work remains legal.

The ruling would appear to make it difficult to sue just about anyone for anything on the Internet; unearthing someone's identity for a defamation suit or copyright infringement generally requires an IP address. It would also prevent any sort of mass lawsuit campaign against P2P users from taking place in the country's courts.

Makes sense to me. Since the information collected is of no value whatsoever anyway -- why allow it to be collected?

I'd like to see a ruling against this type of evidence in general. You can't prove any specific individual committed any act by an IP address. It makes as much sense to hold the individual who pays the bill for the internet connection liable as it does to hold Google liable because you can find torrents on it. Copyright holders should have to prove they are suing the correct person, and that proof should be without any doubt whatsoever. Security camera footage + DNA should be sufficient.

An IP address seems most similar to a phone number, an identifier of a personal communication link to a certain type of network. Can companies randomly aggregate a list of places people called or data they downloaded on their phone without subpoena?

How about as a trade off though that sites that obviously do nothing to remove illegal torrents must reveal locations of their servers in the court of law? Anyone who is genuinely for fair use should not have an issue with this.

The ruling would appear to make it difficult to sue just about anyone for anything on the Internet

The court clearly states that it's about civil cases, so that's a clearly false statement. You can still get IP information for criminal law (I hope that's the right translation for "Strafrecht" - the german wikipedia article is linked to that english one and my dictionary also agrees, but there could be some differences in the definitions). And you can still sue people over a criminal law (they don't have to win, just find a somehow reasonable charge), get the IP and then use it to press civil charges, I assume (that may not work for mass lawsuit campaigns, but hey that's a good thing in my book) - at least some companies have done that in the last few years.

How about as a trade off though that sites that obviously do nothing to remove illegal torrents must reveal locations of their servers in the court of law? Anyone who is genuinely for fair use should not have an issue with this.

How about as a trade off though that sites that obviously do nothing to remove illegal torrents must reveal locations of their servers in the court of law? Anyone who is genuinely for fair use should not have an issue with this.

But that would breach their right to be on the internet anonymously.

I wasn't aware organizations had a right to anonymity? I honestly think it's perfectly fair.

This issue can't be a one way street. It has to be an equilibrium between corporate and consumer happiness for us to get anywhere. Which means still giving the corporate side options to prosecuting those who are intentionally enabling piracy of their works.

I'd much rather see distributors take heat then users.

It's like the war on drugs you can prosecute as many users as you want but the distributors are still going to sell until they are caught.

The ruling would appear to make it difficult to sue just about anyone for anything on the Internet

The court clearly states that it's about civil cases, so that's a clearly false statement. You can still get IP information for criminal law (I hope that's the right translation for "Strafrecht" - the german wikipedia article is linked to that english one and my dictionary also agrees, but there could be some differences in the definitions). And you can still sue people over a criminal law (they don't have to win, just find a somehow reasonable charge), get the IP and then use it to press civil charges, I assume (that may not work for mass lawsuit campaigns, but hey that's a good thing in my book) - at least some companies have done that in the last few years.

I'm talking about "suing" someone, not having the state "prosecute" them.

How about as a trade off though that sites that obviously do nothing to remove illegal torrents must reveal locations of their servers in the court of law? Anyone who is genuinely for fair use should not have an issue with this.

But that would breach their right to be on the internet anonymously.

I wasn't aware organizations had a right to anonymity? I honestly think it's perfectly fair.

This issue can't be a one way street. It has to be an equilibrium between corporate and consumer happiness for us to get anywhere. Which means still giving the corporate side options to prosecuting those who are intentionally enabling piracy of their works.

I'd much rather see distributors take heat then users.

It's like the war on drugs you can prosecute as many users as you want but the distributors are still going to sell until they are caught.

I can say nothing about Switzerland's laws, but here corporations were recently ruled to have the same rights as citizens, ergo they get the Internet anonymity too. Seems to me you have to take good with the bad when you decide you want all the same benefits of an individual. Again, doesn't pertain to Switzerland per se, but who knows how that would go if Swiss courts had it brought before them?

I do prefer this approach over the current setup we're facing in America. I like that the ruling offers over protection for privacy. Yes, this may cause legitimate defamation cases trouble (or the like), but it also throttles the discovery of identity of people you just happen to dislike or disagree with. If you go the other way (which is what America seems to be leaning toward), you're far less likely to have the laws and ruling scaled back or moderated over time once people's privacy has been removed. Over protection seems to always be a better way to go. It's easier to exception-out and clause those laws for case-by-case scenarios than it is the other way around.

How about as a trade off though that sites that obviously do nothing to remove illegal torrents must reveal locations of their servers in the court of law? Anyone who is genuinely for fair use should not have an issue with this.

They already do, so yes I do take issue with your statement. You're implying that they don't already.

AdamM wrote:

blither wrote:

But that would breach their right to be on the internet anonymously.

I wasn't aware organizations had a right to anonymity? I honestly think it's perfectly fair.

I think that was sarcasm.

AdamM wrote:

This issue can't be a one way street. It has to be an equilibrium between corporate and consumer happiness for us to get anywhere. Which means still giving the corporate side options to prosecuting those who are intentionally enabling piracy of their works.

I'd much rather see distributors take heat then users.

It's like the war on drugs you can prosecute as many users as you want but the distributors are still going to sell until they are caught.

See, that's the problem: right now (in the US at least) it's one-sided in favor of the corporations. John/Jane Doe lawsuits with notably unreliable background, de facto presumption of guilt, mass-mailed demands for reparations, and the various us shenanigans. The laws prior to DMCA et cetera were either fine as-is, or needed minimal modification; the sort of whole-hog ruling that's becoming commonplace is hostile to consumers.

The war on drugs is a horrible example, because the US doesn't have (or doesn't admit to having, although that is a different conversation entirely) the power to go after the producers and distributors. In the case of file sharing, there's a much stronger ability to go after the center points directly.

Very odd ruling, but European norms on data privacy are a little puzzling overall. I frankly do not see what privacy interest there is in one's IP address and data usage that one publicly broadcasts to the entire world. If the only privacy interest is to hide illegal activities*, that is not an interest we should respect.

(Maybe you don't think downloading copyrighted materials should be illegal, but that has little to do with the implications of this case.)

See, that's the problem: right now (in the US at least) it's one-sided in favor of the corporations. John/Jane Doe lawsuits with notably unreliable background, de facto presumption of guilt, mass-mailed demands for reparations, and the various us shenanigans. The laws prior to DMCA et cetera were either fine as-is, or needed minimal modification; the sort of whole-hog ruling that's becoming commonplace is hostile to consumers.

In what way is it one-sided? You act as if tracking people on torrents is somehow an unreliable way of finding copyright infringers. On the contrary, it is probably one of the most accurate ways of separating the "guilty" from the "innocent." (Not really the right terms, since those are not used in civil cases.) It's not like these BT trackers are notoriously inaccurate in the seed/peer lists they produce.

How about as a trade off though that sites that obviously do nothing to remove illegal torrents must reveal locations of their servers in the court of law? Anyone who is genuinely for fair use should not have an issue with this.

But that would breach their right to be on the internet anonymously.

I wasn't aware organizations had a right to anonymity? I honestly think it's perfectly fair.

This issue can't be a one way street. It has to be an equilibrium between corporate and consumer happiness for us to get anywhere. Which means still giving the corporate side options to prosecuting those who are intentionally enabling piracy of their works.

I'd much rather see distributors take heat then users.

It's like the war on drugs you can prosecute as many users as you want but the distributors are still going to sell until they are caught.

I can say nothing about Switzerland's laws, but here corporations were recently ruled to have the same rights as citizens, ergo they get the Internet anonymity too. Seems to me you have to take good with the bad when you decide you want all the same benefits of an individual. Again, doesn't pertain to Switzerland per se, but who knows how that would go if Swiss courts had it brought before them?

I do prefer this approach over the current setup we're facing in America. I like that the ruling offers over protection for privacy. Yes, this may cause legitimate defamation cases trouble (or the like), but it also throttles the discovery of identity of people you just happen to dislike or disagree with. If you go the other way (which is what America seems to be leaning toward), you're far less likely to have the laws and ruling scaled back or moderated over time once people's privacy has been removed. Over protection seems to always be a better way to go. It's easier to exception-out and clause those laws for case-by-case scenarios than it is the other way around.

Yes but when you guarantee anonymity you inadvertently are legally protecting people from getting prosecuted for more nefarious crimes.

How about as a trade off though that sites that obviously do nothing to remove illegal torrents must reveal locations of their servers in the court of law? Anyone who is genuinely for fair use should not have an issue with this.

They already do, so yes I do take issue with your statement. You're implying that they don't already.

AdamM wrote:

blither wrote:

But that would breach their right to be on the internet anonymously.

I wasn't aware organizations had a right to anonymity? I honestly think it's perfectly fair.

I think that was sarcasm.

AdamM wrote:

This issue can't be a one way street. It has to be an equilibrium between corporate and consumer happiness for us to get anywhere. Which means still giving the corporate side options to prosecuting those who are intentionally enabling piracy of their works.

I'd much rather see distributors take heat then users.

It's like the war on drugs you can prosecute as many users as you want but the distributors are still going to sell until they are caught.

See, that's the problem: right now (in the US at least) it's one-sided in favor of the corporations. John/Jane Doe lawsuits with notably unreliable background, de facto presumption of guilt, mass-mailed demands for reparations, and the various us shenanigans. The laws prior to DMCA et cetera were either fine as-is, or needed minimal modification; the sort of whole-hog ruling that's becoming commonplace is hostile to consumers.

The war on drugs is a horrible example, because the US doesn't have (or doesn't admit to having, although that is a different conversation entirely) the power to go after the producers and distributors. In the case of file sharing, there's a much stronger ability to go after the center points directly.

Yes but now we need to find a way to balance this out without inadvertently just reversing roles which can be just as harmful.

Very odd ruling, but European norms on data privacy are a little puzzling overall. I frankly do not see what privacy interest there is in one's IP address and data usage that one publicly broadcasts to the entire world. If the only privacy interest is to hide illegal activities*, that is not an interest we should respect.[...]

I tend to agree with this argument, but I think this particular case should be compared to collecting calling information. Those who route IP packets should/may log the destination and source IP addresses, but shan't disclose without consent. The hard part will be defining whose consent to require. For example, my ISP is the owner of the host (i.e. my NAT) my IP addresses and it was my ISP who registered it from the RIR. In fact, an ISP could employ upstream NAT, whereby multiple users would use the same IP on the public Internet. If there's enaugh demand for it, this could all be covered by contract (between consumer and pirate ISP). Sniffing is a different matter altogether, though.

I guess we'll (just) have to wait for IPv6. It'll be deployed to the massess "next year" anyway, right?

I wish I had the money to move to Switzerland; not taking the BS about copyright infringement to another level like most of the companies here in the US (who only propogate them so they can continue making money off of dated methods rather than discovering new ways to profit off current methods)

Setting up a VPN provider with endpoints in Switzerland seems like it would be a very lucrative endeavor now.

Quote:

Well tax evasion is never good for anyone.

Except the tax evader and the bank holding the hidden money. I'm not condoning it, but still

the really funny part is when the tax evaders are the very same that runs the corporations that drags masses to civilian court. I say to them, clean up your own act before you start complaining about mine...

You can't prove any specific individual committed any act by an IP address.

Once you have the IP address you can perform discovery to find specific evidence (in this case, of copyright infringement). I agree that an IP address is not sufficient evidence by itself, but it shouldn't be thrown out completely.

domovoi wrote:

It's not like these BT trackers are notoriously inaccurate in the seed/peer lists they produce.

Actually, they are. Some trackers deliberately include random "chaff" IP addresses in their database, which is supposed to provide plausible deniability but probably only ends up framing innocent people (and printers).

You can't prove any specific individual committed any act by an IP address.

Once you have the IP address you can perform discovery to find specific evidence (in this case, of copyright infringement). I agree that an IP address is not sufficient evidence by itself, but it shouldn't be thrown out completely.

domovoi wrote:

It's not like these BT trackers are notoriously inaccurate in the seed/peer lists they produce.

Actually, they are. Some trackers deliberately include random "chaff" IP addresses in their database, which is supposed to provide plausible deniability but probably only ends up framing innocent people (and printers).

These firms generally claim to actually download and verify the contents of the file being offered from a specific IP address, though, to prevent some of these problems.